I came across this video the other day: an interesting presentation from OWASP AppSec USA by Ondrej Krehel of LIFARS. It’s about a year old, but it’s still very relevant.
Investigating hacking incidents often requires the combined effort of different technologies. Evidence and forensic artifacts are found in various forms and formats. Network forensics is one component of the process of finding compromised hosts and capturing and reconstructing malicious sessions. Attacks on web vulnerabilities can be replayed and the transmitted data uncovered.
The video covers open source tools used for investigating compromised web hosts and for network forensics. A variety of tools can produce a significant supplement to electronic evidence, and in many cases also capture the malicious executables transmitted in the traffic, or the exfiltrated data. Various network protocols and their structure are presented as well. Open source network forensic tools are run on traffic captured from a hacked web server, and different tools are introduced for specific tasks in the investigation process. The captured traffic is analyzed and reconstructed, and the various artifacts found during the investigation are discussed.
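To make the "reconstruct the session, recover the transferred file" step concrete, here is a small Python example I added (it is not code from the talk or from LIFARS): it builds a constructed libpcap capture of an HTTP download, reorders the server's TCP segments by sequence number, and carves the transferred file out of the response body. The addresses, file bytes and the capture itself are all constructed, and the reassembler deliberately ignores handshakes and overlapping segments.

```python
import struct
from collections import defaultdict

def build_pcap(packets):
    """Constructed capture: packets are (src_ip, dst_ip, sport, dport, seq, payload)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # v2.4, LINKTYPE_ETHERNET
    for i, (src, dst, sport, dport, seq, payload) in enumerate(packets):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst) + tcp
        frame = b"\x00" * 12 + b"\x08\x00" + ip            # zeroed MACs, EtherType IPv4
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def reassemble_tcp(pcap):
    """Group TCP payloads per flow and order them by sequence number."""
    flows = defaultdict(dict)
    off = 24                                               # skip the global pcap header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<IIII", pcap, off)[2]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:  # IPv4 over Ethernet, proto TCP
            continue
        ip = frame[14:]
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0]
        tcp = ip[ihl:total]
        sport, dport, seq = struct.unpack_from("!HHI", tcp)
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:                                        # retransmits collapse on seq
            flows[(ip[12:16], sport, ip[16:20], dport)][seq] = payload
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in flows.items()}

def carve_http_body(stream):
    """Strip the HTTP header block and honour Content-Length when present."""
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        return None
    for line in head.split(b"\r\n"):
        if line.lower().startswith(b"content-length:"):
            return body[:int(line.split(b":", 1)[1].strip())]
    return body

def demo():
    server, client = bytes([10, 0, 0, 5]), bytes([192, 168, 1, 20])
    body = b"MZ\x90\x00" + b"\x00" * 12                     # constructed stand-in for an executable
    resp = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(body)
    pcap = build_pcap([
        (client, server, 40000, 80, 1000, b"GET /drop.exe HTTP/1.1\r\nHost: x\r\n\r\n"),
        (server, client, 80, 40000, 5000 + len(resp), body),  # captured out of order
        (server, client, 80, 40000, 5000, resp),
    ])
    return carve_http_body(reassemble_tcp(pcap)[(server, 80, client, 40000)])
```

Running `demo()` returns the 16 carved bytes starting with the `MZ` marker; on a real capture you would hash the carved file and hand it to the malware analysis step.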
Now, here is the video, enjoy: